How to protect my RSA private key?

My app has an RSA private key

Replies

I use the key to encrypt my data; my code is as follows:

privatekey = "M....

But is it possible for a hacker to get the key by reverse engineering?

If so, how to protect it?

but is it possible for a hacker to get the key by reverse engineering?

Of course. If you embed a secret within your app, it’s always possible for someone to extract that secret. What you're asking for here is effectively a DRM scheme (you want to give something to the user but only allow them to use it in some specific way) and, as we all know, 100% secure DRM is impossible.

You can, however, take reasonable steps to obfuscate data like this. There’s a thread on the old DevForums where I describe one approach that I think strikes a reasonable balance between coding time and security.

However, my general recommendation is that you avoid getting into this situation by not embedding secrets in your app in the first place. For example, rather than try to authenticate your app, you should authenticate users. That has two key advantages:

  • Your security is not dependent on one single key; there’s a key per user.

  • If a key leaks, you know who was responsible and can take steps from there.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks. I have authenticated users, but sometimes we have to encrypt something with RSA; I have to save the private key in my app. You say: “There’s a thread on the old DevForums where I describe one approach that I think strikes a reasonable balance between coding time and security.”

But when I click the thread, it links to a wrong web page. May you give me the right link address? Thanks very much!

may you give me the right link address?

The link is correct. I suspect the problem here is access control; access to the old DevForums site is more restricted than access to this site.

Anyway, I don’t think that matters because of this:

I have authenticated users, but sometimes we have to encrypt something with RSA, I have to save the private key in my app,

So, you have a private key per user? If so, you should store it in the keychain.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
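The keychain approach suggested in the last reply, as an added example that is not code from the thread or from Apple: the key pair is generated on the device per user, so no private key is embedded in the app binary. The tag scheme `com.example.myapp.rsa.<userID>` and the function names are assumptions; data is encrypted to the user's public key and decrypted with the private key held in the keychain.

```swift
import Foundation
import Security

// Hypothetical tag scheme: one RSA key pair per signed-in user.
func keyTag(for userID: String) -> Data {
    Data("com.example.myapp.rsa.\(userID)".utf8)
}

// Fetch the user's private key from the keychain, creating it on first use.
func privateKey(for userID: String) throws -> SecKey {
    let tag = keyTag(for: userID)
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrApplicationTag as String: tag,
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecReturnRef as String: true,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecSuccess { return item as! SecKey }
    guard status == errSecItemNotFound else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(status))
    }
    // Not found: generate the pair; the private half is stored in the keychain.
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecAttrKeySizeInBits as String: 2048,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
        ],
    ]
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

// Decrypt data that was encrypted to this user's public key (RSA-OAEP, SHA-256).
func decrypt(_ ciphertext: Data, for userID: String) throws -> Data {
    let key = try privateKey(for: userID)
    var error: Unmanaged<CFError>?
    guard let plain = SecKeyCreateDecryptedData(
        key, .rsaEncryptionOAEPSHA256, ciphertext as CFData, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return plain as Data
}
```

The matching public key comes from `SecKeyCopyPublicKey(_:)` and can be exported with `SecKeyCopyExternalRepresentation(_:_:)` for whoever needs to encrypt to this user.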